Anyone ever consider doing it all server-side - using CFScript and NOCACHE?

----- Original Message -----
From: "Michael T. Tangorre" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 7:43 AM
Subject: Re: Here's An Example: WAS [Hiding Javascript Source]

| wow
|
| that's a lot of work to hide JS.
|
| Brad.. what is in your JS that you want to hide it that bad?
|
| ----- Original Message -----
| From: "Jochem van Dieten" <[EMAIL PROTECTED]>
| To: "CF-Talk" <[EMAIL PROTECTED]>
| Sent: Wednesday, July 30, 2003 8:41 AM
| Subject: Re: Here's An Example: WAS [Hiding Javascript Source]
|
| > Brad Roberts wrote:
| >
| > > The problem lies in the browser caching the page... any way to get around
| > > that?
| > >
| > > You really can't rely on http_referrer... Here's what I'm doing (in a
| > > nutshell).
| > >
| > > Caller page:
| > > -----------------
| > >
| > > <cfset server.id = createUUID()>
| > > <script language="JavaScript" src="myJavascript.cfm?id=#server.id#"></script>
| > >
| > > Javascript page:
| > > -----------------
| > >
| > > <cfif compareNoCase(url.id, server.id) OR len(url.id) EQ 0>
| > >     .. hacker
| > > <cfelse>
| > >     <cfset server.id = "">
| > > </cfif>
| > >
| > > javascript code here.......
| >
| > If I wanted to make it more difficult (not impossible) for
| > somebody to get to the source of my javascript I would use a
| > combination of mechanisms. First, on the page referring to the
| > javascript set a cookie, then use a <script ...> to link to the
| > javascript.
| > On the server, check both the referrer and the presence of the
| > cookie and make sure the javascript is encrypted with the cookie
| > as the key. From the first page, decrypt the javascript and
| > execute it (you can do eval() on a variable that is just a bunch
| > of javascript, right?). Make sure the last command from the
| > decrypted javascript is to delete the cookie.
| >
| > This bypasses the caching problem, because an encrypted version
| > is cached, and you throw the key away as soon as it is decrypted.
| > But with the right tools to track HTTP headers, this is still
| > easy to bypass.
| >
| > Jochem
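
An added example, not code from any poster in this thread: a JavaScript model of the one-time id check in Brad's quoted snippet, with the single shared `server.id` slot beside a per-id store. The class and function names are assumptions for illustration; the run shows the shared slot rejecting a legitimate visitor when two people load the caller page before either browser fetches the script. Either version only limits repeat fetches, because the first request carrying a valid id still receives the source.

```javascript
const { randomUUID } = require("crypto");

// Model of the scheme as posted: one slot shared by every visitor (server.id).
class SharedSlot {
  constructor() { this.id = ""; }
  issue() { this.id = randomUUID(); return this.id; }          // caller page
  redeem(id) {                                                 // javascript page
    // Same test as the cfif: empty id or case-insensitive mismatch is rejected.
    if (!id || id.toLowerCase() !== this.id.toLowerCase()) return false;
    this.id = "";                                              // single use
    return true;
  }
}

// Hypothetical variant: one entry per issued id, single use, with an expiry.
class TokenStore {
  constructor(ttlMs = 30000) { this.ttlMs = ttlMs; this.tokens = new Map(); }
  issue(now = Date.now()) {
    const id = randomUUID();
    this.tokens.set(id, now + this.ttlMs);
    return id;
  }
  redeem(id, now = Date.now()) {
    const expires = this.tokens.get(id);
    if (expires === undefined) return false;                   // unknown or already used
    this.tokens.delete(id);                                    // single use, even if expired
    return now <= expires;
  }
}

// Constructed scenario: two visitors load the caller page, then each browser
// requests the script with its own id, and the second id is replayed once.
function twoVisitors(store) {
  const a = store.issue();
  const b = store.issue();
  return { a: store.redeem(a), b: store.redeem(b), replayB: store.redeem(b) };
}

console.log("shared slot:", twoVisitors(new SharedSlot()));
console.log("token store:", twoVisitors(new TokenStore()));
```
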

